On Mon, Dec 10, 2007, Vittorio Giovara wrote:

> hi!
> while i was testing encoding options of openssl i found this parameter list
> 
> options are
> -in <file>     input file
> -out <file>    output file
> -pass <arg>    pass phrase source
> -e             encrypt
> -d             decrypt
> -a/-base64     base64 encode/decode, depending on encryption flag
> -k             passphrase is the next argument
> -kfile         passphrase is the first line of the file argument
> -md            the next argument is the md to use to create a key
>                  from a passphrase.  One of md2, md5, sha or sha1
> -K/-iv         key/iv in hex is the next argument
> -[pP]          print the iv/key (then exit if -P)
> -bufsize <n>   buffer size
> -engine e      use engine e, possibly a hardware device.
> Cipher Types
> (...)
> 
> every option is documented in the manual and on the openssl site, but
> i couldn't find any explanation of the -md parameter!
> 
> i included it on some commands but i did not notice any differences on
> the file output
> i'm taking a (wild) guess saying that it adds entropy to the key generated
> from the password...
> 
> do you know what this option is for and why it isn't documented?
> thanks a lot!

It is the message digest used for key derivation. For a long time it was just
MD5 but this isn't usable in FIPS enabled versions of OpenSSL so the default
is SHA1 in that case. By explicitly stating the value on the command line you
can make both versions compatible.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
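
The effect of -md described in the reply above, as an added example that is not part of the original thread or of OpenSSL's own code: a Python sketch of the passphrase-to-key step, assuming the EVP_BytesToKey construction with an iteration count of 1 and the "Salted__" file header that the enc command used at the time. The function names, the passphrase and the sample bytes are constructed for illustration; key and IV sizes are those of a 256-bit CBC cipher.

```python
import hashlib

MAGIC = b"Salted__"  # header the enc command writes before the 8-byte salt

def parse_salted_header(blob):
    """Return (salt, ciphertext) from the start of a salted enc output file."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("no Salted__ header found")
    return blob[8:16], blob[16:]

def derive_key_iv(passphrase, salt, md, key_len=32, iv_len=16):
    """EVP_BytesToKey, count=1: D_i = H(D_{i-1} || passphrase || salt)."""
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.new(md, block + passphrase + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]

def same_key(passphrase, salt, md_writer, md_reader):
    """True if a reader using md_reader derives the writer's key and IV."""
    return (derive_key_iv(passphrase, salt, md_writer)
            == derive_key_iv(passphrase, salt, md_reader))

if __name__ == "__main__":
    # Constructed sample: header + fixed salt + placeholder ciphertext bytes.
    sample = MAGIC + bytes.fromhex("0102030405060708") + b"\x00" * 16
    salt, _ = parse_salted_header(sample)
    pw = b"example passphrase"  # constructed passphrase
    for md in ("md5", "sha1"):
        key, iv = derive_key_iv(pw, salt, md)
        print(f"-md {md:5} key={key.hex()} iv={iv.hex()}")
    # A build defaulting to MD5 and one defaulting to SHA1 disagree on the key
    # unless both sides are given the same -md value explicitly.
    print("md5 writer / sha1 reader:", same_key(pw, salt, "md5", "sha1"))
    print("sha1 writer / sha1 reader:", same_key(pw, salt, "sha1", "sha1"))
```

Because the salt is random on each run, the ciphertext differs on every invocation regardless of -md; a digest mismatch only shows up when decrypting, as a wrong key and IV.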
